From 79da1f6644fde4e8b3014346ce25d0a7b98cd411 Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sun, 11 Jan 2026 21:33:00 +0100
Subject: [PATCH 1/2] vps-*: Fix nebula option name

---
 hosts/vps-monitor/default.nix | 2 +-
 hosts/vps-private/default.nix | 2 +-
 hosts/vps-public/default.nix  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix
index 3b580c8..cd49612 100644
--- a/hosts/vps-monitor/default.nix
+++ b/hosts/vps-monitor/default.nix
@@ -37,7 +37,7 @@
         onlyCleanRoots = true;
       };
 
-      nebula.node.enable = true;
+      nebula.enable = true;
       sshd.enable = true;
       dns.enable = true;
     };
diff --git a/hosts/vps-private/default.nix b/hosts/vps-private/default.nix
index 5888e01..b0f2172 100644
--- a/hosts/vps-private/default.nix
+++ b/hosts/vps-private/default.nix
@@ -41,7 +41,7 @@
           onlyCleanRoots = true;
         };
 
-        nebula.node.enable = true;
+        nebula.enable = true;
         sshd.enable = true;
         dns.enable = true;
 
diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix
index c35d0f5..78f675c 100644
--- a/hosts/vps-public/default.nix
+++ b/hosts/vps-public/default.nix
@@ -36,7 +36,7 @@
         onlyCleanRoots = true;
       };
 
-      nebula.node.enable = true;
+      nebula.enable = true;
       sshd.enable = true;
 
       crowdsec = {

From 2703325b4d56f88ac0b474fcac9a6f18eb290497 Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Sun, 11 Jan 2026 21:38:56 +0100
Subject: [PATCH 2/2] nebula: Change network interface name to `nebula`

---
 modules/system/networking.nix              | 2 +-
 modules/system/services/nebula/default.nix | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/system/networking.nix b/modules/system/networking.nix
index db3d7d6..4eaace7 100644
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@@ -41,7 +41,7 @@ in
       };
       interface = lib.mkOption {
         type = lib.types.nonEmptyStr;
-        default = "nebula.mesh";
+        default = "nebula";
       };
       systemdUnit = lib.mkOption {
         type = lib.types.nonEmptyStr;
diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix
index af31b6e..e02c275 100644
--- a/modules/system/services/nebula/default.nix
+++ b/modules/system/services/nebula/default.nix
@@ -30,7 +30,7 @@ in
       message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
     };
 
-    meta.ports.udp = lib.optional (netCfg.underlay.isPublic) publicPort;
+    meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
 
     sops.secrets."nebula/host-key" = {
       owner = config.users.users.nebula-mesh.name;
@@ -44,6 +44,7 @@ in
       cert = cfg.certificatePath;
       key = config.sops.secrets."nebula/host-key".path;
 
+      tun.device = netCfg.overlay.interface;
       listen.port = lib.mkIf netCfg.underlay.isPublic publicPort;
 
       inherit (netCfg) isLighthouse;